Re: [PATCH] Quote filename passed to $EDITOR

From: Ulrich Drepper <drepper_at_redhat.com>
Date: 2002-07-23 18:30:08 CEST

On Tue, 2002-07-23 at 01:08, Sander Striker wrote:
> No time to commit right now.

> /* Now, run the editor command line. */
> - cmd = apr_psprintf (pool, "%s %s", editor, tmpfile_native);
> + cmd = apr_psprintf (pool, "%s \"%s\"", editor, tmpfile_native);
> sys_err = system (cmd);
> if (sys_err != 0)

Why not use single quotes? The above just opens a hole for environment
variable expansion (unintentional or malicious).

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

application/pgp-signature attachment: This is a digitally signed message part

Received on Tue Jul 23 18:30:42 2002

This message: [ Message body ]
Next message: Andrew Finkenstadt: "RE: [PATCH] Quote filename passed to $EDITOR"
Previous message: Joe Orton: "Re: svn commit: rev 2637 - trunk/subversion/mod_dav_svn"
In reply to: Sander Striker: "[PATCH] Quote filename passed to $EDITOR"
Next in thread: Andrew Finkenstadt: "RE: [PATCH] Quote filename passed to $EDITOR"
Reply: Andrew Finkenstadt: "RE: [PATCH] Quote filename passed to $EDITOR"
Reply: Karl Fogel: "Re: [PATCH] Quote filename passed to $EDITOR"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]